twilio-ruby
RequestValidator marks valid signature invalid when having multiple values attached to one parameter
Issue Summary
Same issue as https://github.com/twilio/twilio-python/issues/613
But to summarize, when Autopilot assigns a Field multiple values, the signature will be marked as invalid, due to the incorrect formatting of the string which is encrypted.
The proper format for the string should be the same as what's described in https://github.com/twilio/twilio-python/issues/613#issuecomment-1212975683
However, there is one slight issue with the recommended setup for Ruby which will currently make it impossible to validate the signature. As seen in the Exception log, the Field_number_Value only has one value set, which means that sinatra is incorrectly setting the parameter.
I am filing the issue here because even if sinatra did give some form of array output, there is nothing in the code I can find to suggest anything that accounts for this possibility. Plus Twilio shouldn't be recommending this software if it doesn't fully support all of its features. I copied the code for formatting the parameters and tried it on an example:
```ruby
params = Hash["something" => 1, "array" => Array[24,48,9]]
data = params.sort.join
print(data)
```
And got the output array24489something1, which is the incorrect format.
Steps to Reproduce
- Set up the bot described in https://github.com/twilio/twilio-python/issues/613
- Set up the server below
- Check a valid signature is given when giving "6 hi hi" as the input
- Run the server, using "6 hi 4 hi 3" as the input
Code Snippet
Server setup:
```ruby
require 'sinatra'
require 'twilio-ruby'
require 'json'

post '/autopilot' do
  content_type :json
  @params = params
  p @params # log the parameters as Sinatra parsed them

  auth_token = '*********************************'
  sig = request.env["HTTP_X_TWILIO_SIGNATURE"]
  validator = Twilio::Security::RequestValidator.new(auth_token)
  url = 'https://******************************.eu.ngrok.io/autopilot'

  if validator.validate(url, params, sig)
    print "Valid signature\n"
  else
    print "Invalid signature\n"
  end

  # Respond with an Autopilot actions document in either case
  { :actions => [ { :say => "Hello" } ]}.to_json
end
```
Exception/Log
```
{"CurrentTask"=>"numbers", "Field_number_Value"=>"3", "Memory"=>"{\"twilio\":{\"chat\":{\"ChannelSid\":\"CHXXXXXXXXXXXXXXXXXXXXXXXX\",\"AssistantName\":\"\",\"Attributes\":{},\"ServiceSid\":\"IS100258ed6533477db9e6cd6d601bfdf7\",\"Index\":89,\"From\":\"\",\"MessageSid\":\"IMXXXXXXXXXXXXXXXXXXXXXXXX\"}}}", "Channel"=>"chat", "NextBestTask"=>"", "CurrentTaskConfidence"=>"1.0", "AccountSid"=>"ACXXXXXXXXXXXXXXXXXXXXXXXX", "CurrentInput"=>"6 hi 4 hi 3", "DialogueSid"=>"UKXXXXXXXXXXXXXXXXXXXXXXXX", "DialoguePayloadUrl"=>"https://autopilot.twilio.com/v1/Assistants/UAXXXXXXXXXXXXXXXXXXXXXXXX/Dialogues/UKXXXXXXXXXXXXXXXXXXXXXXXX", "AssistantSid"=>"UAXXXXXXXXXXXXXXXXXXXXXXXX", "Field_number_Type"=>"Twilio.NUMBER", "UserIdentifier"=>""}
Invalid signature
```
Technical details:
- twilio-ruby version:
- ruby version:
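Editor's added example (not part of the original issue and not twilio-ruby code): a standalone check that builds the signing string from the raw form body, so repeated parameter names survive, and compares an HMAC-SHA1/Base64 signature in constant time. It assumes each value of a repeated name is appended as name+value with the values de-duplicated and sorted; the URL, token, body and helper names are constructed for illustration.

```ruby
require 'openssl'
require 'base64'
require 'uri'

# Constructed sample data (assumptions, not taken from a real request).
URL      = 'https://example.invalid/autopilot'
TOKEN    = 'constructed-test-token'
RAW_BODY = 'CurrentTask=numbers&Field_number_Value=6&Field_number_Value=4' \
           '&Field_number_Value=3&Field_number_Type=Twilio.NUMBER'

# Parse the raw body into name => [values], keeping every repeated name.
# In Sinatra the raw body is available via request.body.read.
def grouped_params(raw_body)
  URI.decode_www_form(raw_body).each_with_object({}) do |(name, value), acc|
    (acc[name] ||= []) << value
  end
end

# Assumed format: URL, then name+value for each value of each parameter,
# names sorted bytewise, values de-duplicated and sorted.
def signing_string(url, params)
  params.sort.reduce(url.dup) do |data, (name, values)|
    data + Array(values).map(&:to_s).uniq.sort.map { |v| name + v }.join
  end
end

# Base64 of HMAC-SHA1 keyed with the auth token.
def sign(auth_token, data)
  digest = OpenSSL::Digest.new('sha1')
  Base64.strict_encode64(OpenSSL::HMAC.digest(digest, auth_token, data))
end

# Constant-time comparison so the check does not leak matching prefixes.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def valid_signature?(auth_token, url, raw_body, header_sig)
  expected = sign(auth_token, signing_string(url, grouped_params(raw_body)))
  secure_equal?(expected, header_sig.to_s)
end
```

Signing a hash in which only the last value of `Field_number_Value` survived, as in the log above, produces a different signature from the one computed over all three values.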
This issue has been added to our internal backlog to be prioritized. Pull requests and +1s on the issue summary will help it move up the backlog (ref: DI-2305)